diff --git a/0140-prov_no-cache.patch b/0140-prov_no-cache.patch
new file mode 100644
index 0000000..3dee746
--- /dev/null
+++ b/0140-prov_no-cache.patch
@@ -0,0 +1,103 @@
+diff --git a/crypto/core_fetch.c b/crypto/core_fetch.c
+index d311158d77589..70715e7d6a99c 100644
+--- a/crypto/core_fetch.c
++++ b/crypto/core_fetch.c
+@@ -120,7 +120,7 @@ static void ossl_method_construct_this(OSSL_PROVIDER *provider,
+ * It is *expected* that the put function increments the refcnt
+ * of the passed method.
+ */
+- data->mcm->put(data->store, method, provider, algo->algorithm_names,
++ data->mcm->put(no_store ? data->store : NULL, method, provider, algo->algorithm_names,
+ algo->property_definition, data->mcm_data);
+
+ /* refcnt-- because we're dropping the reference */
+diff --git a/test/nocache-and-default.cnf b/test/nocache-and-default.cnf
+new file mode 100644
+index 0000000000000..cf5ca8d114151
+--- /dev/null
++++ b/test/nocache-and-default.cnf
+@@ -0,0 +1,18 @@
++openssl_conf = openssl_init
++
++# Comment out the next line to ignore configuration errors
++config_diagnostics = 1
++
++[openssl_init]
++providers = provider_sect
++
++[provider_sect]
++test = test_sect
++default = default_sect
++
++[test_sect]
++module = ../test/p_test.so
++activate = true
++
++[default_sect]
++activate = true
+diff --git a/test/p_test.c b/test/p_test.c
+index 2d20190d4d57b..05f71ec8347c0 100644
+--- a/test/p_test.c
++++ b/test/p_test.c
+@@ -230,12 +230,21 @@ static const OSSL_ITEM *p_get_reason_strings(void *_)
+ return reason_strings;
+ }
+
++static const OSSL_ALGORITHM *p_query(OSSL_PROVIDER *prov,
++ int operation_id,
++ int *no_cache)
++{
++ *no_cache = 1;
++ return NULL;
++}
++
+ static const OSSL_DISPATCH p_test_table[] = {
+ { OSSL_FUNC_PROVIDER_GETTABLE_PARAMS, (void (*)(void))p_gettable_params },
+ { OSSL_FUNC_PROVIDER_GET_PARAMS, (void (*)(void))p_get_params },
+ { OSSL_FUNC_PROVIDER_GET_REASON_STRINGS,
+ (void (*)(void))p_get_reason_strings},
+ { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))p_teardown },
++ { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))p_query },
+ OSSL_DISPATCH_END
+ };
+
+diff --git a/test/recipes/20-test_nocache.t b/test/recipes/20-test_nocache.t
+new file mode 100644
+index 0000000000000..734e44ec8c2e1
+--- /dev/null
++++ b/test/recipes/20-test_nocache.t
+@@ -0,0 +1,34 @@
++#! /usr/bin/env perl
++# Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
++#
++# Licensed under the Apache License 2.0 (the "License"). You may not use
++# this file except in compliance with the License. You can obtain a copy
++# in the file LICENSE in the source distribution or at
++# https://www.openssl.org/source/license.html
++
++use strict;
++use warnings;
++
++use OpenSSL::Test qw/:DEFAULT bldtop_file srctop_file bldtop_dir with/;
++use OpenSSL::Test::Utils;
++
++setup("test_nocache");
++
++plan tests => 4;
++
++ok(run(app(["openssl", "list", "-mac-algorithms"],
++ stdout => "listout.txt")),
++"List mac algorithms - default configuration");
++open DATA, "listout.txt";
++my @match = grep /MAC/, ;
++close DATA;
++ok(scalar @match > 1 ? 1 : 0, "Several algorithms are listed - default configuration");
++
++$ENV{OPENSSL_CONF} = bldtop_file("test", "nocache-and-default.cnf");
++ok(run(app(["openssl", "list", "-mac-algorithms"],
++ stdout => "listout.txt")),
++"List mac algorithms");
++open DATA, "listout.txt";
++my @match = grep /MAC/, ;
++close DATA;
++ok(scalar @match > 1 ? 1 : 0, "Several algorithms are listed - nocache-and-default");
diff --git a/openssl.spec b/openssl.spec
index ea1bc8d..b1fdbb4 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -29,7 +29,7 @@ print(string.sub(hash, 0, 16))
 Summary: Utilities from the general purpose cryptography library with TLS implementation
 Name: openssl
 Version: 3.2.2
-Release: 14%{?dist}
+Release: 15%{?dist}
 Epoch: 1
 Source: openssl-%{version}.tar.gz
 Source2: Makefile.certificate
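Review bot: Every `mcm->put` implementation must now accept a NULL store, because the rewritten call in crypto/core_fetch.c passes NULL whenever `no_store` is zero; none of those implementations is visible in this patch, so it is worth confirming for each method type that NULL means "fall back to the default store" and is never dereferenced. The polarity also reads inverted at first sight, since the flag named `no_store` is what selects `data->store`, so a short comment above the call would help, for example `/* no_store: keep the method in the temporary store only; otherwise pass NULL so put() picks its own store */` (hedged, as put()'s NULL handling is assumed here). The new line is noticeably longer than its neighbours and could wrap after `NULL,`. The body of ossl_method_construct_this starts and ends outside the hunk, so the origin of `no_store` is not shown.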
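Review bot: The second half of test/recipes/20-test_nocache.t locates the new config with `bldtop_file("test", "nocache-and-default.cnf")`, but the patch adds that file to the source tree, so in an out-of-tree build the path would presumably not exist; `$ENV{OPENSSL_CONF} = srctop_file("test", "nocache-and-default.cnf");` uses a helper the test already imports. If the app tolerates a missing config file (not visible here), the last two checks would pass against the default configuration without p_test ever being loaded, leaving the no_cache regression untested. The two `open DATA, "listout.txt";` calls are also unchecked and `my @match` is declared twice in the same scope, which `use warnings` reports; `open(my $fh, '<', "listout.txt") or die "listout.txt: $!";` and dropping the second `my` would tidy that.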
@@ -181,6 +181,8 @@ Patch136: 0136-Add-ALPN-validation-in-the-client.patch Patch137: 0137-Add-explicit-testing-of-ALN-and-NPN-in-sslapitest.patch Patch138: 0138-Add-a-test-for-an-empty-NextProto-message.patch Patch139: 0139-CVE-2024-6119.patch +# https://github.com/openssl/openssl/pull/26197 +Patch140: 0140-prov_no-cache.patch License: Apache-2.0 URL: http://www.openssl.org/ @@ -527,6 +529,10 @@ touch $RPM_BUILD_ROOT/%{_prefix}/include/openssl/engine.h %ldconfig_scriptlets libs %changelog +* Thu Jan 02 2025 Dmitry Belyavskiy - 1:3.2.2-15 +- Fix providers no_cache behavior + Resolves: RHEL-71903 + * Tue Oct 29 2024 Troy Dawson - 1:3.2.2-14 - Bump release for October 2024 mass rebuild: Resolves: RHEL-64018